SAP Enterprise Application Software
Products by SAP Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2021 there have so far been 59 vulnerabilities published for SAP products, with an average CVSS base score of 7.2 out of 10. Last year 167 SAP vulnerabilities were published. If they keep arriving at the current rate, the 2021 count will surpass last year's. The average base score in 2021 is also higher, by 0.55.
Year | Vulnerabilities | Average Score |
---|---|---|
2021 | 59 | 7.21 |
2020 | 167 | 6.66 |
2019 | 123 | 6.67 |
2018 | 126 | 6.93 |
It may take a day or so for new SAP vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.
Latest SAP Security Vulnerabilities
SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4
CVE-2021-27600
5.4 - Medium
- April 13, 2021
SAP Manufacturing Execution (System Rules), versions 15.1, 15.2, 15.3 and 15.4, allows an authorized attacker to embed malicious code in an HTTP parameter and send it to the server, because the System Rules tab does not sufficiently encode some parameters; the result is a Stored Cross-Site Scripting (XSS) vulnerability. The injected code can serve different purposes, e.g. information can be read, modified and sent to the attacker. The availability of the server, however, cannot be impacted.
XSS
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750
CVE-2021-27603
6.5 - Medium
- April 13, 2021
The RFC-enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions 731, 740 and 750, allows a caller to keep a work process busy for an arbitrary length of time. An attacker could call this function module repeatedly to block all work processes, causing a Denial of Service and affecting the availability of the SAP system.
SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check
CVE-2021-27605
4.3 - Medium
- April 13, 2021
SAP's HCM Travel Management Fiori Apps V2, version 608, does not perform a proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. The attacker can only read limited information such as employees' first and last names, so there is some loss of confidentiality; integrity and availability are not impacted.
AuthZ
Manipulated Graphics Interchange Format (.GIF) files crash SAP 3D Visual Enterprise Viewer
CVE-2021-27593
3.3 - Low
- March 22, 2021
When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated Windows Bitmap (.BMP) files crash SAP 3D Visual Enterprise Viewer
CVE-2021-27594
3.3 - Low
- March 22, 2021
When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Improper Input Validation
Manipulated Portable Document Format (.PDF) files crash SAP 3D Visual Enterprise Viewer
CVE-2021-27595
3.3 - Low
- March 22, 2021
When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Improper Input Validation
Manipulated Autodesk 3D Studio for MS-DOS (.3DS) files crash SAP 3D Visual Enterprise Viewer
CVE-2021-27596
3.3 - Low
- March 22, 2021
When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Improper Input Validation
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
CVE-2021-21491
6.1 - Medium
- March 10, 2021
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Open Redirect
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment)
CVE-2021-21480
8.8 - High
- March 09, 2021
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by Users having at least SAP_XMII_Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application.
Code Injection
The MigrationService
CVE-2021-21481
8.8 - High
- March 09, 2021
The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.
AuthZ
LDAP authentication in SAP HANA Database version 2.0
CVE-2021-21484
9.8 - Critical
- March 09, 2021
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.
AuthZ
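Why an LDAP server that permits "unauthenticated bind" turns the bind above into a password-less login, shown as an added example (this is not SAP HANA's code). RFC 4513 section 5.1.2 defines an unauthenticated bind as a DN with an empty password; a server that allows it answers success but binds the client as anonymous. The directory, DN and password below are constructed for the example and the server is simulated in-process, so nothing is contacted over the network.

```python
# Added example (not SAP HANA's code): why an LDAP server that permits
# "unauthenticated bind" (RFC 4513 section 5.1.2) turns a simple bind into a
# password-less login, and the client-side checks that close the gap.
# The directory is simulated in-process; nothing is contacted over the network.
from dataclasses import dataclass

# Constructed directory for the example: DN -> password (assumption).
DIRECTORY = {
    "cn=alice,ou=users,dc=example,dc=com": "correct horse battery staple",
}
ALICE = "cn=alice,ou=users,dc=example,dc=com"


@dataclass
class BindResult:
    success: bool
    authz_id: str  # identity the server bound us as; "" means anonymous


def ldap_simple_bind(dn: str, password: str, allow_unauthenticated: bool) -> BindResult:
    """Simplified RFC 4513 simple-bind semantics.

    empty DN, empty password : anonymous bind, always succeeds
    DN, empty password       : unauthenticated bind; succeeds (as anonymous!)
                               only if the server is configured to allow it
    DN, password             : authenticated bind, the password is checked
    """
    if dn == "" and password == "":
        return BindResult(True, "")
    if password == "":
        # The server setting the advisory warns about: a success response
        # here proves nothing about the password.
        return BindResult(allow_unauthenticated, "")
    if DIRECTORY.get(dn) == password:
        return BindResult(True, dn)
    return BindResult(False, "")


def login_vulnerable(dn: str, password: str, allow_unauthenticated: bool) -> bool:
    """Treats 'bind succeeded' as proof that the caller knows the password."""
    return ldap_simple_bind(dn, password, allow_unauthenticated).success


def login_hardened(dn: str, password: str, allow_unauthenticated: bool) -> bool:
    """Refuses empty credentials before talking to the server and requires
    that the server bound us as the requested DN rather than as anonymous."""
    if not dn or not password:
        return False
    result = ldap_simple_bind(dn, password, allow_unauthenticated)
    return result.success and result.authz_id == dn
```

Both halves matter: the client must never forward an empty password as a bind credential (real LDAP client libraries do not reject it for you), and the directory should have unauthenticated bind disabled (in OpenLDAP this is the `allow bind_anon_dn` option, which is off by default).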
SAP Enterprise Financial Services does not perform necessary authorization checks
CVE-2021-21486
8.8 - High
- March 09, 2021
SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
AuthZ
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50
CVE-2021-21488
6.5 - Medium
- March 09, 2021
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker's code, therefore impacting Availability.
Marshaling, Unmarshaling
Manipulated Graphics Interchange Format (.GIF) files crash SAP 3D Visual Enterprise Viewer version 9
CVE-2021-21493
3.3 - Low
- March 09, 2021
When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated PhotoShop Document (.PSD) files crash SAP 3D Visual Enterprise Viewer version 9
CVE-2021-27584
3.3 - Low
- March 09, 2021
When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated Computer Graphics Metafile (.CGM) files crash SAP 3D Visual Enterprise Viewer version 9
CVE-2021-27585
7.8 - High
- March 09, 2021
When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated Interchange File Format (.IFF) files crash SAP 3D Visual Enterprise Viewer version 9
CVE-2021-27586
7.8 - High
- March 09, 2021
When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated Jupiter Tessellation (.JT) files crash SAP 3D Visual Enterprise Viewer version 9
CVE-2021-27587
7.8 - High
- March 09, 2021
When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated HPGL files crash SAP 3D Visual Enterprise Viewer version 9
CVE-2021-27588
7.8 - High
- March 09, 2021
When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated Scalable Vector Graphics (.SVG) files crash SAP 3D Visual Enterprise Viewer version 9
CVE-2021-27589
7.8 - High
- March 09, 2021
When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated Tag Image File Format (.TIFF) files crash SAP 3D Visual Enterprise Viewer version 9
CVE-2021-27590
7.8 - High
- March 09, 2021
When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated Portable Document Format (.PDF) files crash SAP 3D Visual Enterprise Viewer version 9
CVE-2021-27591
7.8 - High
- March 09, 2021
When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Manipulated Universal 3D (.U3D) files crash SAP 3D Visual Enterprise Viewer
CVE-2021-27592
7.8 - High
- March 09, 2021
When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
SAP Payment Engine version 500
CVE-2021-21487
8.8 - High
- March 09, 2021
SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
AuthZ
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest
CVE-2021-21474
6.5 - Medium
- February 09, 2021
SAP HANA Database, versions 1.0 and 2.0, accepts SAML tokens with an MD5 digest. An attacker who obtains an MD5-digest-signed SAML assertion issued for an SAP HANA instance might be able to tamper with it so that the digest stays the same and the digital signature remains valid. This allows the attacker to impersonate a user in the HANA database and read its contents.
Improper Verification of Cryptographic Signature
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1
CVE-2021-21476
6.1 - Medium
- February 09, 2021
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Open Redirect
SAP Business Objects BI Platform, versions - 410, 420, 430
CVE-2021-21444
6.1 - Medium
- February 09, 2021
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.
Clickjacking
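A check for the condition the advisory above describes, added here as an example (it is not SAP BusinessObjects code). X-Frame-Options is not a list-valued header, so RFC 7230 gives user agents no rule for combining repeated copies: some honour the first, some the last, and an unrecognised value makes browsers skip the check entirely. The two responses at the bottom are constructed for the example, not captured from a real system.

```python
# Added example (not SAP BusinessObjects code): audit a raw HTTP response for
# duplicate or malformed X-Frame-Options headers and for a missing
# Content-Security-Policy frame-ancestors directive.
import re

FRAME_ANCESTORS = re.compile(r"frame-ancestors\s+([^;]+)", re.IGNORECASE)
VALID_XFO = {"DENY", "SAMEORIGIN"}


def parse_headers(raw_response: str) -> list:
    """Return (lower-cased name, value) pairs in wire order, repeats included."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, _, value = line.partition(":")
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_framing(raw_response: str) -> dict:
    headers = parse_headers(raw_response)
    xfo = [v for n, v in headers if n == "x-frame-options"]
    csp = [v for n, v in headers if n == "content-security-policy"]
    ancestors = [m.group(1).strip() for v in csp if (m := FRAME_ANCESTORS.search(v))]
    findings = []
    if len(xfo) > 1:
        findings.append(f"X-Frame-Options sent {len(xfo)} times ({', '.join(xfo)}); "
                        "user agents may keep any one of them or ignore all")
    for value in xfo:
        if value.upper() not in VALID_XFO:
            findings.append(f"X-Frame-Options value {value!r} is not DENY or SAMEORIGIN; "
                            "browsers skip the check when a value is unrecognised")
    if not ancestors:
        findings.append("no Content-Security-Policy frame-ancestors directive; "
                        "add one, it takes precedence over X-Frame-Options where supported")
    return {"x_frame_options": xfo, "frame_ancestors": ancestors, "findings": findings}


# Constructed responses for the example (not captured from a real system).
BAD_RESPONSE = ("HTTP/1.1 200 OK\r\n"
                "Content-Type: text/html\r\n"
                "X-Frame-Options: SAMEORIGIN\r\n"
                "X-Frame-Options: DENY\r\n"
                "\r\n<html></html>")
GOOD_RESPONSE = ("HTTP/1.1 200 OK\r\n"
                 "Content-Type: text/html\r\n"
                 "X-Frame-Options: DENY\r\n"
                 "Content-Security-Policy: frame-ancestors 'none'\r\n"
                 "\r\n<html></html>")
```

The fix on the application side is to emit the header exactly once (typically by removing the duplicate from whichever layer, reverse proxy or application, adds the second copy) and to add a `frame-ancestors` directive, which modern browsers apply instead of X-Frame-Options when both are present.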
SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set a password during installation
CVE-2021-21472
8.8 - High
- February 09, 2021
SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.
Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows Directory Traversal
CVE-2021-21475
7.5 - High
- February 09, 2021
Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.
Directory traversal
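The pattern behind the advisory above, as an added example (not SAP MDM code): a download handler that joins a user-supplied name onto a base directory, next to one that resolves the result and refuses anything outside the base. The directory layout is created in a temporary folder when demo() runs and is constructed for the example.

```python
# Added example (not SAP MDM code): a path-traversal-prone file read next to
# the hardened form that confines the resolved path to the export directory.
import os
import tempfile


def read_export_vulnerable(base_dir: str, user_path: str) -> bytes:
    # '..' segments pass straight through to the file API; an absolute
    # user_path even makes os.path.join discard base_dir entirely.
    with open(os.path.join(base_dir, user_path), "rb") as f:
        return f.read()


def read_export_hardened(base_dir: str, user_path: str) -> bytes:
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # realpath collapses '..' and follows symlinks, so the check is made on
    # the file that would actually be opened, not on the string supplied.
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes export directory: {user_path!r}")
    with open(target, "rb") as f:
        return f.read()


def demo() -> dict:
    """Constructed layout: <tmp>/exports/public.txt and <tmp>/secret.txt."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "exports")
    os.mkdir(base)
    with open(os.path.join(base, "public.txt"), "wb") as f:
        f.write(b"public")
    with open(os.path.join(root, "secret.txt"), "wb") as f:
        f.write(b"secret")

    out = {"vulnerable": read_export_vulnerable(base, "../secret.txt")}
    try:
        read_export_hardened(base, "../secret.txt")
        out["hardened"] = "leaked"
    except PermissionError:
        out["hardened"] = "blocked"
    out["legitimate"] = read_export_hardened(base, "public.txt")
    return out
```

The check must run on the decoded, resolved path: URL-encoded forms such as `%2e%2e%2f` are decoded by the web layer before they reach the file API, so a string-level filter for the literal `../` is not enough.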
SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, allows privileged users to inject code into drools rules
CVE-2021-21477
9.9 - Critical
- February 09, 2021
SAP Commerce Cloud, versions 1808, 1811, 1905, 2005 and 2011, lets certain users with the required privileges edit drools rules. An authenticated attacker with this privilege can inject malicious code into the drools rules which, when executed, leads to Remote Code Execution, enabling the attacker to compromise the underlying host and impair the confidentiality, integrity and availability of the application.
Code Injection
SAP Web Dynpro ABAP
CVE-2021-21478
6.1 - Medium
- February 09, 2021
SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Open Redirect
In SCIMono before 0.0.19
CVE-2021-21479
9.1 - Critical
- February 09, 2021
In SCIMono before 0.0.19, an attacker can inject and execute Java expressions, compromising the availability and integrity of the system.
Injection
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011
CVE-2021-21445
5.4 - Medium
- January 12, 2021
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include unvalidated data in the HTTP response Content-Type header, due to improper input validation, which is then sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.
HTTP Response Splitting (CRLF injection into a response header)
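The header-injection pattern the advisory above describes, as an added example (not SAP Commerce code), with the guard that closes it. The vulnerable builder copies a request-controlled media type into the response head; the hardened one refuses any header value containing CR, LF or NUL. The two attacker inputs are constructed for the example.

```python
# Added example (not SAP Commerce code): unvalidated data in a response
# header lets an attacker add headers or terminate the head early and
# supply the body; rejecting CR/LF/NUL in header values closes both.
class HeaderInjection(ValueError):
    pass


def safe_header_value(value: str) -> str:
    if any(c in value for c in "\r\n\0"):
        raise HeaderInjection(f"control characters in header value: {value!r}")
    return value


def build_response_vulnerable(content_type: str, body: bytes) -> bytes:
    head = ("HTTP/1.1 200 OK\r\n"
            f"Content-Type: {content_type}\r\n"
            f"Content-Length: {len(body)}\r\n"
            "\r\n")
    return head.encode("latin-1") + body


def build_response_hardened(content_type: str, body: bytes) -> bytes:
    return build_response_vulnerable(safe_header_value(content_type), body)


def is_rejected(content_type: str) -> bool:
    try:
        build_response_hardened(content_type, b"")
    except HeaderInjection:
        return True
    return False


def header_names(response: bytes) -> list:
    """Header names as a browser would see them in the response head."""
    head = response.split(b"\r\n\r\n", 1)[0]
    return [line.split(b":", 1)[0].decode("latin-1") for line in head.split(b"\r\n")[1:]]


def body_of(response: bytes) -> bytes:
    return response.split(b"\r\n\r\n", 1)[1]


# Constructed attacker inputs: one adds a header, the other ends the head
# early so attacker markup becomes the page body (cross-site scripting).
INJECT_HEADER = "text/html\r\nSet-Cookie: session=attacker"
INJECT_BODY = "text/html\r\n\r\n<script>alert(document.cookie)</script>"
```

Most web frameworks apply the same refusal in their header-setting API, which is why the fix for this class is usually "stop bypassing the framework's header setter", not hand-written filtering.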
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755
CVE-2021-21446
7.5 - High
- January 12, 2021
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.
Resource Exhaustion
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21449
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Buffer Overflow
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21450
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Buffer Overflow
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21451
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Buffer Overflow
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21452
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Buffer Overflow
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21453
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Buffer Overflow
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21454
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Memory Corruption
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21455
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Memory Corruption
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21456
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Memory Corruption
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21457
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Buffer Overflow
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21458
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Buffer Overflow
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21459
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Memory Corruption
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21460
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Memory Corruption
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21461
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Memory Corruption
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21462
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Memory Corruption
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21463
8.8 - High
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Out-of-bounds Read
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2021-21464
4.3 - Medium
- January 12, 2021
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
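What "improper input validation" means for an image loader, as an added example (not SAP's viewer code) using the BMP format from the list above. parse_bmp() checks every size and offset in the header against the bytes actually present before touching pixel data; a loader that trusts those fields copies or indexes past its buffer, which is the crash the advisories describe. The size limit and the test files produced by build_bmp() are constructed for the example.

```python
# Added example (not SAP's viewer code): a BMP header parser that validates
# declared dimensions, pixel offset and data length against the real file
# size, so a manipulated header cannot drive an out-of-bounds read or copy.
import struct

FILE_HDR = "<2sIHHI"          # magic, file size, reserved x2, pixel-data offset
INFO_HDR = "<IiiHHIIiiII"     # BITMAPINFOHEADER (40 bytes)
MAX_DIM = 1 << 15             # assumption for the example: larger images are refused


def row_stride(width: int, bpp: int) -> int:
    return ((width * bpp + 31) // 32) * 4   # rows are padded to 4 bytes


def parse_bmp(data: bytes) -> dict:
    if len(data) < 54:
        raise ValueError("file shorter than the fixed headers")
    magic, _file_size, _, _, offset = struct.unpack_from(FILE_HDR, data, 0)
    if magic != b"BM":
        raise ValueError("missing BM signature")
    (hdr_size, width, height, planes, bpp,
     compression, _, _, _, _, _) = struct.unpack_from(INFO_HDR, data, 14)
    if hdr_size < 40 or planes != 1 or compression != 0 or bpp not in (1, 4, 8, 16, 24, 32):
        raise ValueError("unsupported or malformed DIB header")
    if not (0 < width <= MAX_DIM) or height == 0 or abs(height) > MAX_DIM:
        raise ValueError(f"implausible dimensions {width}x{height}")
    rows = abs(height)  # negative height means top-down rows, same byte count
    needed = row_stride(width, bpp) * rows
    # The declared file size is not trusted either; only len(data) is.
    if offset < 14 + hdr_size or offset > len(data):
        raise ValueError(f"pixel offset {offset} lies outside the file")
    if needed > len(data) - offset:
        raise ValueError(f"header promises {needed} pixel bytes, only {len(data) - offset} present")
    return {"width": width, "height": rows, "bpp": bpp,
            "stride": row_stride(width, bpp), "pixels": data[offset:offset + needed]}


def is_rejected(data: bytes) -> bool:
    try:
        parse_bmp(data)
    except ValueError:
        return True
    return False


def build_bmp(width: int, height: int, bpp: int = 24, *,
              declared_height=None, pixel_offset=None) -> bytes:
    """Constructed test files: a well-formed BMP, or one whose header lies."""
    pixels = bytes(row_stride(width, bpp) * height)
    info = struct.pack(INFO_HDR, 40, width,
                       declared_height if declared_height is not None else height,
                       1, bpp, 0, len(pixels), 2835, 2835, 0, 0)
    offset = 54 if pixel_offset is None else pixel_offset
    return struct.pack(FILE_HDR, b"BM", 54 + len(pixels), 0, 0, offset) + info + pixels
```

The same discipline applies to every format in the list above (IFF chunk lengths, PCX run counts, PSD channel sizes): each length or offset read from the file is bounded by the bytes that remain before it is used as a copy size or an index.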
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database
CVE-2021-21465
9.9 - Critical
- January 12, 2021
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.
SQL Injection
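The vulnerability class in the advisory above, shown against an in-memory SQLite database as an added example (not SAP BW code). query_vulnerable() splices caller input into the statement; query_hardened() binds the value as a parameter and, because a table name cannot be bound, takes the identifier from an allowlist instead of from the caller. Schema, rows and payload are constructed for the example.

```python
# Added example (not SAP BW code): string-spliced SQL next to the
# parameterised, allowlisted form, against a constructed SQLite schema.
import sqlite3

# Constructed schema and rows for the example.
SCHEMA = """
CREATE TABLE sales(region TEXT, amount INTEGER);
CREATE TABLE user_secrets(username TEXT, api_key TEXT);
INSERT INTO sales VALUES ('EMEA', 100), ('APAC', 200);
INSERT INTO user_secrets VALUES ('admin', 'constructed-secret-key');
"""
ALLOWED_TABLES = {"sales"}    # identifiers this interface is allowed to query


def fresh_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def query_vulnerable(con: sqlite3.Connection, table: str, region: str) -> list:
    # Both the identifier and the value come straight from the caller.
    sql = f"SELECT * FROM {table} WHERE region = '{region}'"
    return con.execute(sql).fetchall()


def query_hardened(con: sqlite3.Connection, table: str, region: str) -> list:
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not exposed by this interface: {table!r}")
    # The identifier is now one of ours; the value is bound, never spliced.
    return con.execute(f'SELECT * FROM "{table}" WHERE region = ?', (region,)).fetchall()


def table_rejected(con: sqlite3.Connection, table: str) -> bool:
    try:
        query_hardened(con, table, "EMEA")
    except ValueError:
        return True
    return False


# Constructed payload: closes the string literal and appends a UNION that
# reads a table the caller was never granted; '--' comments out the rest.
PAYLOAD = "x' UNION SELECT username, api_key FROM user_secrets --"
```

Parameter binding protects values only; anything that ends up in an identifier position (table, column, ORDER BY target) has to be matched against a fixed list the application owns, which is the part most often missed in reporting and query-builder interfaces like the one described above.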
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200
CVE-2021-21466
8.8 - High
- January 12, 2021
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low-privileged attacker to inject code through a remote-enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to access sensitive data, to inject malicious UPDATE statements that could also affect the operating system, or to disrupt the functionality of the SAP system, leading to a Denial of Service.
Code Injection
SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user
CVE-2021-21467
4.3 - Medium
- January 12, 2021
SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.
AuthZ
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges
CVE-2021-21468
6.5 - Medium
- January 12, 2021
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.
AuthZ
SAP BusinessObjects Business Intelligence platform, versions 410, 420
CVE-2021-21447
5.4 - Medium
- January 12, 2021
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.
XSS
SAP GUI for Windows, version - 7.60
CVE-2021-21448
6.5 - Medium
- January 12, 2021
SAP GUI for Windows, version 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PC's memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC, not over the network, and the attacker needs at least the authorizations of the victim's operating-system user.
Insufficiently Protected Credentials
SAP NetWeaver Master Data Management running on Windows allows UNC paths in the MDS server configuration
CVE-2021-21469
7.5 - High
- January 12, 2021
When the security guidelines for SAP NetWeaver Master Data Management running on Windows have not been thoroughly reviewed, an external operator may be able to set custom paths in the MDS server configuration. If no adequate protection has been enforced at any level (e.g. no MDS Server password set, network and OS configuration not properly secured), a malicious user can define UNC paths that are then exploited in a so-called SMB relay attack to obtain highly sensitive data, leading to Information Disclosure.
Information Disclosure
SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications
CVE-2021-21470
4.4 - Medium
- January 12, 2021
SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML configuration files. This occurs as logging service does not disable XML external entities when parsing configuration files and a successful exploit would result in limited impact on integrity and availability of the application.
XXE
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints
CVE-2021-21471
6.5 - Medium
- January 12, 2021
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, stores key material unencrypted
CVE-2020-26816
4.5 - Medium
- December 09, 2020
In SAP AS JAVA (Key Storage Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, the key material held by the SAP NetWeaver AS Java Key Storage service is stored in the database DER-encoded and unencrypted. An attacker with administrator access to SAP NetWeaver AS Java can therefore decode the keys and obtain application data and client credentials of adjacent systems. This has a high impact on Confidentiality, as the disclosed information could contain client credentials of adjacent systems.
Missing Encryption of Sensitive Data
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50
CVE-2020-26826
6.5 - Medium
- December 09, 2020
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.
Unrestricted File Upload
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type
CVE-2020-26828
6.4 - Medium
- December 09, 2020
SAP Disclosure Management, version 10.1, provides capabilities for authorized users to upload and download content of specific file types. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of such a payload (script) on the target machine could be used to steal and modify the data available in the spreadsheet.
Unrestricted File Upload
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check
CVE-2020-26829
10 - Critical
- December 09, 2020
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, accepts arbitrary connections from processes outside the cluster, and even outside the network segment dedicated to internal cluster communication, because of a missing authentication check. As a result, an unauthenticated attacker can invoke functions that would otherwise be restricted to system administrators, including system administration functions or shutting the system down completely.
Authentication
SAP Solution Manager 7.2 (User Experience Monitoring)
CVE-2020-26830
8.1 - High
- December 09, 2020
SAP Solution Manager 7.2 (User Experience Monitoring), version 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, and deploy a malicious User Experience Monitoring script.
AuthZ
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation
CVE-2020-26831
9.6 - Critical
- December 09, 2020
SAP BusinessObjects BI Platform (Crystal Report), versions 4.1, 4.2 and 4.3, does not sufficiently validate uploaded XML entities during Crystal Report generation because XML validation is missing. An attacker with basic privileges can inject arbitrary XML entities, leading to internal file disclosure, internal directory disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).
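The XXE class from the advisory above, as an added example (not SAP BusinessObjects code) using Python's standard-library SAX parser. parse_vulnerable() turns external general entities on, as older XML stacks did by default, so an entity whose SYSTEM identifier is a local path is read and spliced into the document; parse_hardened() keeps them off and refuses any upload that carries a DTD at all. The report template and the "secret" file it points at are constructed in a temporary directory when demo() runs.

```python
# Added example (not SAP BusinessObjects code): an XML upload parsed with
# external entity resolution enabled leaks a local file; the hardened parser
# rejects DTDs up front and keeps external entities disabled.
import io
import os
import tempfile
import xml.sax
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Gathers the character data the parser reports, entity content included."""
    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, data):
        self.parts.append(data)


def _run(xml_bytes: bytes, external_entities: bool) -> str:
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts)


def parse_vulnerable(xml_bytes: bytes) -> str:
    return _run(xml_bytes, external_entities=True)   # the misconfiguration


class DtdRejected(ValueError):
    pass


def parse_hardened(xml_bytes: bytes) -> str:
    # Report templates never need a DTD; rejecting it up front also blocks
    # entity-expansion (billion laughs) and parameter-entity tricks.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise DtdRejected("DTD / entity declarations are not accepted")
    return _run(xml_bytes, external_entities=False)


def is_rejected(xml_bytes: bytes) -> bool:
    try:
        parse_hardened(xml_bytes)
    except DtdRejected:
        return True
    return False


def report_with_xxe(local_path: str) -> bytes:
    """Constructed malicious report template pointing at a file on the server."""
    return (f'<?xml version="1.0"?>\n'
            f'<!DOCTYPE report [<!ENTITY xxe SYSTEM "{local_path}">]>\n'
            f'<report><title>&xxe;</title></report>').encode()


def demo() -> dict:
    fd, secret = tempfile.mkstemp(suffix=".properties")
    os.write(fd, b"db.password=constructed-secret")
    os.close(fd)
    doc = report_with_xxe(secret)
    return {"leaked": parse_vulnerable(doc), "blocked": is_rejected(doc)}
```

The SSRF variant in the advisory is the same mechanism with an `http://` SYSTEM identifier instead of a file path, resolved from the server's network position. In production code use a parser configured to forbid DTDs (for example the defusedxml package, or lxml's `XMLParser(resolve_entities=False)`) rather than a byte-string check alone.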
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105
CVE-2020-26832
7.6 - High
- December 09, 2020
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allow a highly privileged user to execute an RFC function module to which access should be restricted. Due to the missing authorization check an attacker can obtain sensitive internal information from the vulnerable SAP system or make it completely unavailable.
AuthZ
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication
CVE-2020-26834
5.4 - Medium
- December 09, 2020
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.
Authentication
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754, does not sufficiently encode URL
CVE-2020-26835
6.1 - Medium
- December 09, 2020
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754, does not sufficiently encode URLs, which allows an attacker to place malicious JavaScript in the URL that could be executed in the browser, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability.
XSS
SAP Solution Manager (Trace Analysis), version - 720
CVE-2020-26836
6.1 - Medium
- December 09, 2020
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL, leading to an Open Redirect vulnerability. An attacker can enter a link to a malicious site, which could trick the user into entering credentials or downloading malicious software, as a parameter in the application URL and share it with the end user, who could potentially become a victim of the attack.
Open Redirect
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script
CVE-2020-26837
9.1 - Critical
- December 09, 2020
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality by exposing elements of the file system, partially compromise integrity by allowing the modification of some configurations, and partially compromise availability by making certain services unavailable.
Directory traversal
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200
CVE-2020-26838
9.1 - Critical
- December 09, 2020
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200, allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request that results in the execution of operating system commands, leading to a Code Injection vulnerability that could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.
Shell injection
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information
CVE-2020-6317
3.5 - Low
- November 30, 2020
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information, although sensitive, is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.
Information Disclosure
SAP Fiori Launchpad (News tile Application), versions - 750, 751, 752, 753, 754, 755
CVE-2020-26825
6.1 - Medium
- November 13, 2020
SAP Fiori Launchpad (News tile Application), versions - 750, 751, 752, 753, 754, 755, allows an unauthorized attacker to use the SAP Fiori Launchpad News tile Application to send malicious code to a different end user (victim), because the News tile does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser, and the victim can easily close the browser tab to terminate it.
XSS
SAP ERP and SAP S/4 HANA
CVE-2020-6316
4.3 - Medium
- November 10, 2020
SAP ERP and SAP S/4 HANA allow an authenticated user to see cost records for objects to which they have no authorization in PS reporting, due to a missing authorization check.
AuthZ
SAP ERP Client for E-Bilanz, version - 1.0, sets incorrect default filesystem permissions on its installation folder
CVE-2020-26807
3.3 - Low
- November 10, 2020
SAP ERP Client for E-Bilanz, version - 1.0, sets incorrect default filesystem permissions on its installation folder, which allows anyone to modify the files in the folder.
Incorrect Default Permissions
SAP AS ABAP (DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into a function module, leading to code injection
CVE-2020-26808
7.2 - High
- November 10, 2020
SAP AS ABAP (DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into a function module, leading to code injection that can be executed in the application and affects the confidentiality, availability and integrity of the application.
Code Injection
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005
CVE-2020-26809
5.3 - Medium
- November 10, 2020
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint, thereby gaining access to Secure Media folders. These folders could contain sensitive files, resulting in the disclosure of sensitive information and impacting the confidentiality of the system configuration.
Incorrect Default Permissions
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005
CVE-2020-26810
7.5 - High
- November 10, 2020
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL, which will be processed without further interaction. The crafted request can render the SAP Commerce service itself unavailable, leading to Denial of Service with no impact on confidentiality or integrity.
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005
CVE-2020-26811
5.3 - Medium
- November 10, 2020
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL, which will be processed without further interaction. The crafted request leads to a Server-Side Request Forgery attack, which could lead to the retrieval of limited pieces of information about the service, with no impact on integrity or availability.
XSPA
SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0
CVE-2020-26814
4.9 - Medium
- November 10, 2020
SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP keys under certain conditions in the PGP Module of the Business-to-Business Add-On. These keys can then be used to read messages processed by the module, leading to Information Disclosure.
SAP Fiori Launchpad (News tile Application), versions - 750, 751, 752, 753, 754, 755
CVE-2020-26815
8.6 - High
- November 10, 2020
SAP Fiori Launchpad (News tile Application), versions - 750, 751, 752, 753, 754, 755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. Such a flaw is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, retrieving sensitive or confidential resources that are otherwise restricted to internal use only, resulting in a Server-Side Request Forgery vulnerability.
XSPA
SAP 3D Visual Enterprise Viewer, version - 9
CVE-2020-26817
7.8 - High
- November 10, 2020
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated HPGL file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation.
Memory Corruption
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information
CVE-2020-26818
8.8 - High
- November 10, 2020
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components which, because of a missing authorization check, reveal sensitive system information that would otherwise be restricted to highly privileged users, resulting in Information Disclosure.
Information Disclosure
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components
CVE-2020-26819
8.8 - High
- November 10, 2020
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components that allow them to read and delete database log files, because of Improper Access Control.
Authentication
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50
CVE-2020-26820
7.2 - High
- November 10, 2020
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file, leading to Privilege Escalation and completely compromising the confidentiality, integrity and availability of the server operating system and any application running on it.
Unrestricted File Upload
SAP Solution Manager (JAVA stack), version - 7.20
CVE-2020-26821
10 - Critical
- November 10, 2020
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service. This impacts the integrity and availability of the service.
AuthZ
SAP Solution Manager (JAVA stack), version - 7.20
CVE-2020-26822
10 - Critical
- November 10, 2020
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service. This impacts the integrity and availability of the service.
AuthZ
SAP Solution Manager (JAVA stack), version - 7.20
CVE-2020-26823
10 - Critical
- November 10, 2020
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service. This impacts the integrity and availability of the service.
AuthZ
SAP Solution Manager (JAVA stack), version - 7.20
CVE-2020-26824
10 - Critical
- November 10, 2020
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service. This impacts the integrity and availability of the service.
AuthZ
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430
CVE-2020-6308
5.3 - Medium
- October 20, 2020
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, an attacker can scan the internal network to determine the internal infrastructure and gather information for further attacks such as remote file inclusion, retrieve server files, bypass the firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.
XSPA
SAP 3D Visual Enterprise Viewer, version 9
CVE-2020-6315
5.5 - Medium
- October 20, 2020
SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send a manipulated file to the victim, which can lead to the leakage of sensitive information when the victim loads the malicious file into the VE viewer, resulting in Information Disclosure.
SAP Banking Services version 500 uses an incorrect authorization object in some of its reports
CVE-2020-6362
6.5 - Medium
- October 20, 2020
SAP Banking Services version 500 uses an incorrect authorization object in some of its reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability could lead to privilege escalation and a violation of segregation of duties, which in turn could lead to service interruptions and system unavailability for the victim and users of the component.
AuthZ
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents
CVE-2020-6366
6.5 - Medium
- October 20, 2020
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files from the server, including files at OS level, and/or cause a denial of service.
Improper Input Validation
There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework
CVE-2020-6367
6.1 - Medium
- October 20, 2020
There is a reflected cross-site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user into clicking on a malicious link. The end user's browser has no way to know that the script should not be trusted and will execute the script, resulting in sensitive information being disclosed or modified.
XSS
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7)
CVE-2020-6369
5.9 - Medium
- October 20, 2020
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an unauthenticated attacker to bypass authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service.
SAP NetWeaver Design Time Repository (DTR)
CVE-2020-6370
4.8 - Medium
- October 20, 2020
SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
XSS
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page
CVE-2020-6365
6.1 - Medium
- October 15, 2020
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient URL validation (reverse tabnabbing). The attacker could execute phishing attacks to steal the victim's credentials or redirect users to untrusted web pages containing malware or similar malicious exploits.
Open Redirect
SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs
CVE-2020-6272
5.4 - Medium
- October 15, 2020
SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered when an affected web page is visited, resulting in a Cross-Site Scripting (XSS) vulnerability.
XSS
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50
CVE-2020-6319
6.1 - Medium
- October 15, 2020
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50, allows an unauthenticated attacker to include JavaScript blocks in any web page or URL using different symbols that are otherwise not allowed. On successful exploitation, an attacker can steal the user's authentication information, such as data relating to his or her current session, and have a limited impact on the confidentiality and integrity of the application, leading to Reflected Cross-Site Scripting.
XSS
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS
CVE-2020-6323
6.1 - Medium
- October 15, 2020
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that is both reflected immediately and also persisted and returned on further access to the system, resulting in Cross-Site Scripting.
XSS